Provisioning organizations

Edge for Private Cloud v. 4.17.01

An organization is a container for all the objects in an Apigee account, including APIs, API
products, apps, and developers. Before you can start to develop with Edge and BaaS, you must
first create, or provision, an organization. Edge and BaaS organizations are separate, so you
have to provision organizations on both.

Note: At install time, the installer creates an Edge organization
named VALIDATE and a BaaS organization named TEST used to validate the installation. Do not use
these organization for your development. You must create new organizations before starting
development.

Provisioning an Edge organization

After you validate the Edge installation and you have successfully accessed the Edge UI, you
must provision an organization. An organization is associated with one or more pods, where each
pod must contain one or more Message Processors.

Use the following API call to create a user who will function as the organization admin.
Do not use the system admin account as an organization admin, but create a new user
instead:curl -H
"Content-Type:application/xml" -u
<sysAdminEmail>:<passwd>
\
-X POST https://<ms-api-domain>/v1/users \
-d '<User> \
<FirstName>New</FirstName> \
<LastName>User</LastName> \
<Password>newUserPWord</Password> \
<EmailId>foo@bar.com</EmailId> \
</User>'

In this call, and all the calls below, <ms-api-domain> is the
domain name of the Edge management API as defined by the load balancer for the Management
Servers.

Notice that this call uses the default region of "dc-1" and
pod of "gateway. If you changed these values at installation time, modifies
these values as necessary.

The final call adds the user you created above as the org admin for the org:curl -X POST -H
"Content-Type:application/x-www-form-urlencoded" \
-u <sysAdminEmail>:<passwd> \
https://<ms-api-domain>/v1/organizations/<org_name>/userroles/orgadmin/users?id=foo@bar.com

Obtain the UUIDs of all Message Processors. You need these UUIDs in the next step:curl -u
<sysAdminEmail>:<passwd>
https://<ms-api-domain>/v1/servers?pod=gateway

The output of this command is a JSON object with an entry for each Message Processor and
Router. For each Message Processor, you will see output in the form:

Use the following API calls to create an environment named "prod" in the organization. The
first call creates the environment:curl -H
"Content-Type:application/xml" -u
<sysAdminEmail>:<adminPasswd>
\
-X POST
https://<ms-api-domain>/v1/organizations/<org-name>/environments
\
-d '<Environment name="prod"/>'

Associates the environment with all Message Processors. Make this call for each Message
Processor that you want to associate with the environment:curl -H
"Content-Type:application/x-www-form-urlencoded" \
-u
<sysAdminEmail>:<adminPasswd>
-X POST \
https://<ms-api-domain>/v1/organizations/<org-name>/environments/prod/servers
\
-d "action=add&uuid=<uuid>"

Where <uuid> is the UUID of Message Processor that you
obtained in the previous step.

Obtain the UUIDs of all Qpid and Postgres servers. You need these UUIDs in the next
step.

For Qpid, run the command:curl -u
<sysAdminEmail>:<passwd>
https://<ms-api-domain>/v1/servers?pod=central

The output of this command is a JSON object. For each Qpid server, you will see output in the
form:

Log in to the Edge UI as the organization admin. You should be able to see the
organization, environments, and virtual host in the Edge UI.

Associating the Developer
Services portal with an Edge organization

Note: This step is only required if you installed the optional
Developer Services portal.

The portal acts as a client of Apigee Edge. When necessary, the portal makes a request to
retrieve information from Edge or to send information to Edge. There are three pieces of
information that the portal needs to communicate with Edge:

URL of the Edge API as defined by the Management Server load balancer -
The publicly accessible domain name of the Edge management API. For example,
https://edgemgmt.example.com. This URL is set when you install the portal and
you typically do not need to change it.

Apigee organization name - The name of your organization on Edge. The
portal can connect to a single Edge organization. If you have multiple organizations, this is
the organization you use to release your APIs. You create this organization when you provision
Edge as described above.

Username and password of an organization administrator - An organization
administrator account in the Edge organization used specifically by the portal to connect to
the organization. The account should not be used for any other purpose.

Because the portal displays developer apps and API products, it must stay in sync with your
Edge organization by making management API calls. Calls from the portal to Edge are
authenticated and require a user with organization administrator privileges.

To create an organization administrator:

In the Edge UI, log in to the organization you created above when provisioning the Edge
organization.

Select Admin > Organization Users in the Edge UI.

Select the +User button to add the new user.

Enter the user's email address.

Select Organization Administrator for the role.

Select Save.

The new user receives an email asking them to set the password. After setting the password, you
can use this account to configure the portal.

To change the connection information in the portal:

Log in to the portal using the the system admin's email address and password that you
specified in the Ops Manager when you installed Edge.

The portal UI appears.

In the portal administration menu, select Configuration > Dev
Portal.

Enter your organization name in Management API Organization.

TheManagement API Endpoint URL is set at install time. You should
not have to change it.

The only reason to change the Management API Endpoint URL is if the Management
Server load balancer for the Edge API is changed to use a different URL.

Enter the credentials of the new organization administrator that you created above in
Endpoint Authenticated User and Authenticated User's
Password.

Select Test Connection to make sure the connection is successful.

Select Save Configuration.

Log out of the portal, and then log in using the new organization administrator's
credentials.

The portal will now display information about APIs, API products, and developers associated
with the organization. Any new developers registering through the portal appear in the
organization in the Edge UI.

Optionally go to Configuration > System > Site information to set
the site name, sender for emails, and other site information.

Provisioning a BaaS organization

if you installed BaaS as part of the Edge installation, you must provision a BaaS organization
before you can start developing BaaS apps.

When you create an organization, you specify the organization name along with the
username, email address, and password of the organization administrator. The organization
administrator's email address:

Must be different from the system administrator's email address.

Must be unique among all other organizations. That is, you cannot create two organizations
with the same email address for the organization administrator. However, after creating the
organization, you can add additional administrators that can be duplicated across multiple
organizations.

After you enable Monetization for the organization, log in to the Edge UI. Select the
organization in the Organization drop-down list in the upper-right corner of the UI. You should
now see a Monetization menu entry: